Megosztás a következőn keresztül:


Release notes for Semi-Annual Channel (Targeted) releases in 2018

These release notes provide information about new features, security updates, and non-security updates that are included in Semi-Annual Channel (Targeted) updates to Office 365 ProPlus in 2018.

Note

  • The following also provides information about new features, security updates, and non-security updates for Visio Pro for Office 365 and Project Online Desktop Client.
  • This information also applies to Office 365 Business, which is the version of Office that comes with some Office 365 plans, such as Business Premium.

Note

  • The security updates information for each update channel of Office 365 ProPlus will start being listed separately at Security Updates.

Version 1808: December 11

Version 1808 (Build 10730.20262)

Excel: Security updates

  • CVE-2018-8597: Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2018-8598: Microsoft Excel Information Disclosure Vulnerability
  • CVE-2018-8627: Microsoft Excel Information Disclosure Vulnerability
  • CVE-2018-8636: Microsoft Excel Remote Code Execution Vulnerability

Outlook: Security updates

  • CVE-2018-8587: Microsoft Outlook Remote Code Execution Vulnerability

PowerPoint: Security updates

  • CVE-2018-8628: Microsoft PowerPoint Remote Code Execution Vulnerability

Excel: Non-Security updates

  • Fixed an issue in coauthoring sessions where a slicer is not properly updated after another user applies a column filter to the data in that slicer.
  • Fixed an issue in a coauthoring session where one of the users clears the caption for a slicer and this causes another user in the coauthoring session to experience an Excel crash.
  • Fixed possible crash when creating multiple table slicers bound to the same column of data and then deleting that column of data.
  • Fixed an issue where Excel would sometimes crash while refreshing a filtered query table that contains wrapped text in cells when the option to automatically adjust column widths was off.
  • Fixed an issue where slicers saved in Excel 2007 can trigger a crash when opened in newer versions of Excel if the number of items shown in the slicer changes.
  • Introduces support for the Get Diagnostics button to simplify the investigation of support requests.

Outlook: Non-Security updates

  • Fixed an issue that caused users to see an error when launching the "Manage Rules and Alerts" dialog.
  • Fixed an issue that caused users to be unable to connect to their mailboxes over DirectAccess when using a metered connection.
  • Fixed an issue that caused users to see free docs stored in Public Folders erroneously open in "Protected View".
  • Fixed an issue that caused users to see unexpected attachments when forwarding items with inline attachments.
  • Fixed an issue that caused OFT files to render poorly after being sent as an attachment.
  • Fixed an issue that caused some add in users to experience crashes when adding a meeting to a shared calendar.
  • Fixed an issue that caused users to experience hangs when opening the Conversation History folder.

Project: Non-Security updates

  • Fixed an issue around supporting a new Venezuelan currency in Project.
  • Fixed an issue where Project may hang when using a Surface 4 that is connected to an external monitor.
  • Fixed an issue where Project may crash when saving the project to the XML format.
  • Fixed an issue where enterprise resource custom fields may be deleted after editing a resource's calendar.
  • Fixed an issue that caused users to experience crashes when searching for Korean display names.

Version 1808: November 13

Version 1808 (Build 10730.20205)

Excel: Security updates

  • CVE-2018-8574: Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2018-8577: Microsoft Excel Remote Code Execution Vulnerability

Outlook: Security updates

  • CVE-2018-8522: Microsoft Outlook Remote Code Execution Vulnerability
  • CVE-2018-8524: Microsoft Outlook Remote Code Execution Vulnerability
  • CVE-2018-8558: Microsoft Outlook Information Disclosure Vulnerability
  • CVE-2018-8576: Microsoft Outlook Remote Code Execution Vulnerability
  • CVE-2018-8579: Microsoft Outlook Information Disclosure Vulnerability
  • CVE-2018-8582: Microsoft Outlook Remote Code Execution Vulnerability

Project: Security updates

  • CVE-2018-8575: Microsoft Project Remote Code Execution Vulnerability

Word: Security updates

  • CVE-2018-8573: Microsoft Word Remote Code Execution Vulnerability

Skype for Business: Security updates

  • CVE-2018-8546: Microsoft Skype for Business Denial of Service Vulnerability

Excel: Non-security updates

  • Fixed a bug where Power Pivot did not appear in some builds/versions.

Outlook: Non-security updates

  • Fixed an issue that caused users to be unable to successfully use the Accounts control button to switch between accounts on custom forms.
  • Fixed an issue that caused users to experience a crash when using ScanPST to repair an OST/PST file.
  • Fixed an issue that caused the CC: field on certain mail messages to fail to display for users with online mode profiles.

OneNote: Non-security updates

  • Fixed a stability issue that can occur involving sync and navigating to a deleted section.

Project: Non-security updates

  • Fixed an issue where if you were working with Project files on a SharePoint document library that was in the new modern experience, the Check-Out Required and Read-Only actions aren't being correctly followed.

Version 1808: October 9

Version 1808 (Build 10730.20155)

Excel: Security updates

  • CVE-2018-8502: Microsoft Excel Remote Code Execution Vulnerability

Outlook: Security updates

  • ADV180026: Microsoft Office Defense in Depth Update

PowerPoint: Security updates

  • CVE-2018-8501: Microsoft PowerPoint Remote Code Execution Vulnerability

Word: Security updates

  • CVE-2018-8504: Microsoft Word Remote Code Execution Vulnerability
  • ADV180026: Microsoft Office Defense in Depth Update

Office suite: Security updates

  • CVE-2018-8432: Microsoft Graphics Components Remote Code Execution Vulnerability

Excel: Non-Security updates

  • Fixed the issue when symbols in the range 2190...2194 are switched to Cambria Math. This is causing the Excel cell height to increase by 3 times.
  • This fixes the issue in Excel wherein Excel may become unresponsive when the user hovers over formatting options in a workbook with many defined names, and where Excel may become unresponsive in the Quick Analysis tool even when Live Preview was disabled in options.
  • We are currently investigating slow performance when moving the Excel Application Window from one desktop to another. In the meantime, if you do notice this slowness then a work around to consider is to select "Optimize for compatibility" for "When using multiple displays" in the "General" tab in the File Options dialog.

PowerPoint: Non-Security updates

  • Fixed an issue of potential file corruptions when saving files with ActiveX content.

Word: Non-Security updates

  • Fixed an issue that when inserting a Word Document object, the equation editor would appear.

Project: Non-Security updates

  • Fixed an issue where if you set a header or footer for a print-out, the change wasn't persisted the next time you went to print your project.

Office Suite: Non-Security updates

  • Fixed issue of apps showing animations despite turning off animations through accessibility and performance settings.
  • Fixed issue of background turning blank when using highlighter drawing tool.

Version 1808: September 11

Version 1808 (Build 10730.20102)

Access: Feature Updates

  • Visualize data with new charts: Choose from 11 charts and add one to your forms and reports to better visualize the data and make informed decisions. Learn more

Access: Security updates

  • CVE-2018-8312: Microsoft Access Remote Code Execution Use After Free Vulnerability

Excel: Feature updates

  • Collaborative editing: Work with others at the same time in your workbook. Learn more
  • AutoSave for cloud files is now enabled by default: AutoSave is enabled by default in the September 2018 Semi-Annual Channel (Targeted) release. This change means users won’t have to worry about losing their changes in documents stored on OneDrive or SharePoint Online. Changes will be saved in the cloud automatically, and users will no longer have to explicitly press Ctrl + S or the Save button. However, they will have to understand this change in behavior so they don’t make accidental changes to documents. Note that users can turn off AutoSave using the AutoSave toggle at the top of the screen. We recommend that you notify your users about this upcoming change and educate them about how to best take advantage of this new feature in Office 365. Learn more about AutoSave Learn more about what IT admins should know about AutoSave
  • Improved cell and formula bar editing: You can now use CTRL+A to select text in a cell or the formula bar. There's also improved support for emojis and other complex characters.Learn more
  • Accessibility Checker improvements: The Accessibility Checker has updated support for international standards and recommendations to make your workbooks more accessible. Learn more
  • Avoid unwanted edits: Set your workbooks to open as read-only to prevent accidental changes. Go to File > Info > Protect Workbook > Always Open Read-Only

Excel: Security updates

  • CVE-2018-8331: Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2018-8429: Microsoft Excel Information Disclosure Vulnerability
  • CVE-2018-8375: Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2018-8379: Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2018-8382: Microsoft Excel Information Disclosure Vulnerability
  • CVE-2018-8246: Microsoft Excel Information Disclosure Vulnerability
  • CVE-2018-8248: Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2018-8147: Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2018-8148: Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2018-8162: Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2018-8163: Microsoft Excel Information Disclosure Vulnerability
  • CVE-2018-1029: Microsoft Excel Remote Code Execution Vulnerability

Excel: Non-security updates

  • Fix an issue where Excel may crash when changing a chart's source data from its original set of cells.
  • Fix an issue where recalculation may not happen on open even if the FullCalcOnLoad property is set.
  • Fix an issue where the wrong year is shown when Japanese Era calendar is used in date cell format.
  • When importing data into the Excel Data Model, incoming values of negative zero would result in an error. The fix imports such values as zero.
  • Fix an issue where a group (or ungroup) operation in an Excel PivotTable could sometimes trigger a crash.
  • Fix an issue where charting actions could cause Excel to crash.
  • Fix an issue where the Power View add-in is inadvertently disabled for some users.
  • Fix an issue where temporary auto-recovery files created during document recovery are never cleaned up.
  • Fix an issue where attempting to make a new connection to a text file in a protected workbook results in getting a "Workbook is protected and cannot be changed" error message.
  • Fix an issue where Quick Print of an Excel workbook attached to an Outlook email may not print.
  • Fix an issue where clicking on a hyperlink may cause Excel to crash.
  • Fix an issue where using cube functions causes Excel to crash.

Outlook: Feature updates

  • Accessibility Checker improvements: The Accessibility Checker has updated support for international standards and recommendations to make your messages more accessible. Learn more
  • Manage Profiles from the Profile Picker: If you use the Profile Picker when Outlook starts up, you can now make changes without going to the control panel. Create and delete profiles, change settings, all from the Profile Picker.
  • Accessibility built right in: Make your messages accessible to everyone by adding descriptive alt text to your images.
  • Outlook add-in warnings: Occasionally an Outlook COM add-in can encounter problems that slows down the rest of Outlook. These problems could be due to latency of events such as switching between Outlook folders, arrival of new emails, opening Calendar items, etc. When such issues arise, Outlook will display a warning in the notification bar.
  • Know who you'll be meeting with: You can see other people's responses to a meeting request, even if you aren't the organizer.
  • Never miss a reminder: Set reminders to pop up over windows you're working in. Otherwise, Outlook will blink in the taskbar to get your attention.Learn more
  • Mark deleted items as read: You can now set any message that you delete as read. Opt in by going to File > Options > Mail > Other.
  • View three time zones: Need to schedule a meeting across time zones? Add multiple time zones to your calendar to easily see everyone's availability and pick a time that works for all. Learn more
  • Refined user experience for creating a group: We have refined the user experience for the create group to make it look more modern and clutter-free.Learn more

Outlook: Security updates

  • CVE-2018-8310: Microsoft Office Tampering Vulnerability
  • CVE-2018-8244: Microsoft Outlook Elevation of Privilege Vulnerability
  • CVE-2018-8150: Microsoft Outlook Security Feature Bypass Vulnerability
  • ADV180021: Microsoft Office Defense in Depth Update

Outlook: Non-security updates

  • Fix an issue where if you switch the system language to Japanese and attempt to type Japanese characters into the VBA IDE when loaded within Outlook, it freezes.
  • Fix an issue where switching to the Outbox or Sent Items folder causes Outlook to crash.
  • Fix an issue where all attendees receive meeting updates when the meeting body or attachments change, instead of sending a meeting update to the attendees being optional.
  • Fix an issue that causes users to be unable to connect to EWS and REST endpoints because of a change in the User-Agent string.
  • Fix an issue where a meeting location update to attendees shows the old location instead of the new location.
  • Fix an issue where the user sees an error when previewing an attachment in the reading pane.
  • Fix an issue where Outlook crashes when resolving display names to email addresses when the user is composing an email.
  • Fix an issue where some users don't receive support features that have been enabled by their tenant admin.

PowerPoint: Feature updates

  • AutoSave for cloud files is now enabled by default: AutoSave is enabled by default in the September 2018 Semi-Annual Channel (Targeted) release. This change means users won’t have to worry about losing their changes in documents stored on OneDrive or SharePoint Online. Changes will be saved in the cloud automatically, and users will no longer have to explicitly press Ctrl + S or the Save button. However, they will have to understand this change in behavior so they don’t make accidental changes to presentations. Note that users can turn off AutoSave using the AutoSave toggle at the top of the screen. We recommend that you notify your users about this upcoming change and educate them about how to best take advantage of this new feature in Office 365. Learn more about AutoSave Learn more about what IT admins should know about AutoSave
  • Convert your ink: Take scribbled notes and drawings, and convert them into readable text and crisp shapes to create a polished presentation. Learn more
  • Improved SVG support: You can insert SVG's that have filters applied to them. Learn more
  • Title your slides with a pen: Use your pen to ink in a title, and watch PowerPoint convert it to text. Learn more
  • Avoid unwanted edits: Set your workbooks to open as read-only to prevent accidental changes. Go to File > Info > Protect Workbook > Always Open Read-Only
  • Accessibility Checker improvements: The Accessibility Checker has updated support for international standards and recommendations to make your presentations more accessible. Learn more

PowerPoint: Non-security updates

  • Fix an issue where tables are rendered incorrectly with thick borders.
  • Fix an issue where a potential crash could occur when changing the Shape.Visibile property.
  • Fix an issue where changes in co-authored documents fail to merge.
  • Fix an issue where documents containing ActiveX controls would cause co-authoring to fail.
  • Fix an issue where spelling correction in shapes causes PowerPoint to crash.
  • Fix an issue where PowerPoint crashes when opening a file from SharePoint Online.
  • Fix an issue where the Recovery Pane incorrectly appears when AutoSave is on.
  • Fix an issue where sign-in isn't shown preventing a user from accessing a file.
  • Fix an issue where multiple users co-authoring on the same presentation results in an incorrect duplication of slides masters.
  • Fix an issue where opening a file saved on OneDrive results in PowerPoint crashing when exiting Protected View.

Project: Feature updates

  • Sprint management: Quickly add, update, or delete agile sprints.
  • Task board filtering: Streamline your task boards by filtering on key resources or summary tasks.
  • Set percent complete from a task board: Choose a percent complete for each column, and then update task completion with drag-and-drop.
  • Sprint navigation: Switch from one sprint view to another, and quickly move tasks between sprints.
  • A new way to manage sprints: Take an agile approach to working with Task Boards. Go to Manage Sprints to add and remove sprints as your project evolves.
  • Stay organized with Recent save locations: Project keeps a running list of where you've saved other projects. When you're ready to save your project, just choose one of your Recent save locations and get on with your day.

Project non-security updates

  • Fix an issue where you are blocked from saving a sub project when working with them through the context of a master project.

Skype for Business: Non-security updates

  • Fix an issue related to TLS 1.2 support. (Note: This is the same fix that was mentioned in the April 10 notes and is mentioned here again as part of the September rollup.)
  • Fix an issue where adding users by selecting 'Skype Call' in a meeting causes an error.
  • Remove prompt asking user to add Skype coordinates to a meeting, if a Skype Room is added as the location and the meeting already contains Teams meeting coordinates.
  • Fix an issue where location is populated even when UseLocationForE911Only is set to true.
  • Fix an issue where Skype for Business hangs when using the "call using conference center" option to invite users from the roster.
  • Fix an issue where Outlook running on terminal server freezes while creating a Skype for Business meeting.
  • Change the default value of EnableRestoreOAuthUsedKeyWhenUsingCachedWebTicket to TRUE.

Visio: Feature updates

  • Keep your diagram and source in sync: When you edit a Data Visualizer diagram in Visio, you have the option to update the linked Excel source data with the latest diagram content.
  • Data Visualizer audit template: Import content from Excel and create audit diagrams for financial transactions, inventory management, and more.
  • Starter diagrams: The Organization Chart, Brainstorming, and SDL templates have new starter diagrams to get you up and running quickly.
  • Build a Word document out of Visio shapes Automatically add diagram content, including shapes and metadata, to a Word document. Then customize the document to create process guidelines and operation manuals. Learn more

Word: Feature updates

  • AutoSave for cloud files is now enabled by default: AutoSave is enabled by default in the September 2018 Semi-Annual Channel (Targeted) release. This change means users won’t have to worry about losing their changes in documents stored on OneDrive or SharePoint Online. Changes will be saved in the cloud automatically, and users will no longer have to explicitly press Ctrl + S or the Save button. However, they will have to understand this change in behavior so they don’t make accidental changes to presentations. Note that users can turn off AutoSave using the AutoSave toggle at the top of the screen. We recommend that you notify your users about this upcoming change and educate them about how to best take advantage of this new feature in Office 365. Learn more about AutoSave [Learn more about what IT admins should know about AutoSave]
  • Accessibility Checker improvements: The Accessibility Checker has updated support for international standards and recommendations to make your documents more accessible. Learn more
  • Improved SVG support: You can insert SVG's that have filters applied to them. Learn more

Word: Security updates

  • CVE-2018-8430: Word PDF Remote Code Execution Vulnerability
  • CVE-2018-0919: Microsoft Office Information Disclosure Vulnerability

Word: Non-security updates

  • Fix an issue that causes an insufficient memory message to appear.
  • Fixed a set of issues that prevented some users from opening IRM-protected documents & emails that were shared with them by people in other organizations.
  • Fixed some performance issues.

Office Suite: Security updates

  • CVE-2018-8332: Win32k Graphics Remote Code Execution Vulnerability
  • CVE-2018-8378: Microsoft Office Information Disclosure Vulnerability
  • CVE-2018-8281: Microsoft Office Remote Code Execution Vulnerability
  • CVE-2018-8157: Microsoft Office Remote Code Execution Vulnerability
  • CVE-2018-8158: Microsoft Office Remote Code Execution Vulnerability
  • CVE-2018-0950: Microsoft Office Information Disclosure Vulnerability
  • CVE-2018-1026: Microsoft Office Remote Code Execution Vulnerability
  • CVE-2018-1030: Microsoft Office Remote Code Execution Vulnerability
  • Flash, Silverlight and Shockwave controls blocked from activating in Office for security reasons: For security reasons new builds of Microsoft Office for Office 365 on Windows block activation of Flash, Silverlight, and Shockwave controls. Learn more here and here.

Office Suite: Non-security updates

  • Fixed an issue that caused update install to take a long time in certain scenarios.
  • Fix an issue where, when opening an application, the user might see a message about launching in Safe mode and then the application fails to open.
  • Fixed some performance issues.

Version 1803: August 14

Version 1803 (Build 9126.2275)

Access: Security updates

  • CVE-2018-8312: Microsoft Access Remote Code Execution Use After Free Vulnerability

Excel: Security updates

  • CVE-2018-8375: Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2018-8379: Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2018-8382: Microsoft Excel Information Disclosure Vulnerability

Outlook: Security updates

  • ADV180021: Microsoft Office Defense in Depth Update

Office Suite: Security updates

  • CVE-2018-8378: Microsoft Office Information Disclosure Vulnerability

Version 1803: July 10

Version 1803 (Build 9126.2259)

Access: Security updates

  • CVE-2018-8312: Microsoft Access Remote Code Execution Use After Free Vulnerability

Outlook: Security updates

Office Suite: Security updates

  • CVE-2018-8281: Microsoft Office Remote Code Execution Vulnerability

Excel: Non-security updates

  • Fix an issue where the wrong year is shown when Japanese Era calendar is used in date cell format.
  • When importing data into the Excel Data Model, incoming values of negative zero would result in an error. The fix imports such values as zero.

PowerPoint: Non-security updates

  • Fixes issue where tables are rendered incorrectly with thick borders.

Project: Non-security updates

  • Fixed an issue where if a task is split with a cost resource, the cost resource isn't correctly updated and the cost is lost.
  • Fixed an issue where in the Timeline view - Add Existing Tasks to the Timeline dialog, only tasks from the first summary task would show up.
  • Fixed an issue where saving as XML may fail for master projects from Project Online or Project Server.

Office Suite: Non-security updates

  • Fix a bug that caused update install to take a long time in certain scenarios.
  • Fix an issue where SVG tests are failing
  • Fix an issue where, when deploying updates using Configuration Manager to a client that has running Office applications the update is not applied after restarting the device while Office applications are running.

Version 1803: June 12

Version 1803 (Build 9126.2227)

Excel: Security updates

  • CVE-2018-8246: Microsoft Excel Information Disclosure Vulnerability
  • CVE-2018-8248: Microsoft Excel Remote Code Execution Vulnerability

Excel: Non-security updates

  • Fix an issue where a group (or ungroup) operation in an Excel PivotTable could sometimes trigger a crash.

Outlook: Security updates

  • CVE-2018-8244: Microsoft Outlook Elevation of Privilege Vulnerability

PowerPoint: Non-security updates

  • Fix an issue where a potential crash could occur when changing the Shape.Visibile property.
  • Fix an issue where changes in co-authored documents fail to merge.
  • Fix an issue where documents containing ActiveX controls would cause co-authoring to fail.

Project: Non-security updates

  • Fix an issue where in the Timeline view - Add Existing Tasks to the Timeline dialog, only tasks from the first summary task would show up.

Office Suite: Non-security updates

  • Fix an issue where, when deploying updates using Configuration Manager to a client that has running Office applications the update is not applied after restarting the device while Office applications are running.

Version 1803: May 18

Version 1803 (Build 9126.2210)

Excel: Non-security updates

  • Fix an issue where charting actions could cause Excel to crash.
  • Fix an issue where the Power View add-in is inadvertently disabled for some users.
  • Fix an issue where temporary auto-recovery files created during document recovery are never cleaned up.
  • Fix an issue where attempting to make a new connection to a text file in a protected workbook results in getting a "Workbook is protected and cannot be changed" error message.

PowerPoint: Non-security updates

  • Fix an issue where spelling correction in shapes causes PowerPoint to crash.

Office suite: Non-security updates

  • Fix an issue where, when opening an application, the user might see a message about launching in Safe mode and then the application fails to open.

Version 1803: May 8

Version 1803 (Build 9126.2191)

Excel: Security updates

  • CVE-2018-8147: Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2018-8148: Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2018-8162: Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2018-8163: Microsoft Excel Information Disclosure Vulnerability

Excel: Non-security updates

  • Fix an issue where Excel crashes when opening a file from SharePoint Online.
  • Fix a problem where print or print preview only prints or displays a portion of the worksheet, with the content being truncated at a slicer on the worksheet.

Outlook: Security updates

  • CVE-2018-8150: Microsoft Outlook Security Feature Bypass Vulnerability

Outlook: Non-security updates

  • Fix an issue where switching to the Outbox or Sent Items folder causes Outlook to crash.
  • Fix an issue where all attendees receive meeting updates when the meeting body or attachments change, instead of sending a meeting update to the attendees being optional.
  • Fix an issue that causes users to be unable to connect to EWS and REST endpoints because of a change in the User-Agent string.

PowerPoint: Non-security updates

  • Fix an issue where PowerPoint crashes when opening a file from SharePoint Online.
  • Fix an issue where the Recovery Pane incorrectly appears when AutoSave is on.
  • Fix an issue where sign-in isn't shown preventing a user from accessing a file.

Project: Non-security updates

  • Fix an issue where using the AutoFilter dropdown on a date column causes all tasks in the project to be hidden.
  • Fix an issue where only tasks from the first summary task show up in the dialog box when adding existing tasks to a timeline when in Timeline view.

Word: Non-security updates

  • Fix an issue where Word crashes when opening a file from SharePoint Online.
  • Fix an issue where lower-case Roman number page numbers are incorrectly changed to upper case.

Office suite: Security updates

  • CVE-2018-8157: Microsoft Office Remote Code Execution Vulnerability
  • CVE-2018-8158: Microsoft Office Remote Code Execution Vulnerability

Version 1803: April 10

Version 1803 (Build 9126.2152)

Excel: Security updates

  • CVE-2018-1029: Microsoft Excel Remote Code Execution Vulnerability

PowerPoint: Non-security updates

  • Fix an issue where multiple users co-authoring on the same presentation results in an incorrect duplication of slides masters.
  • Fix an issue where opening a file saved on OneDrive results in PowerPoint crashing when exiting Protected View.

Skype for Business: Non-security updates

  • Fix an issue related to TLS 1.2 support.

Word: Non-security updates

  • Fix an issue that causes an insufficient memory message to appear.

Office suite: Security updates

  • CVE-2018-0950: Microsoft Office Information Disclosure Vulnerability
  • CVE-2018-1026: Microsoft Office Remote Code Execution Vulnerability
  • CVE-2018-1030: Microsoft Office Remote Code Execution Vulnerability

Version 1803: March 20

Version 1803 (Build 9126.2098)

Excel: Non-security updates

  • Fix an issue where Quick Print of an Excel workbook attached to an Outlook email may not print.
  • Fix an issue where clicking on a hyperlink may cause Excel to crash.
  • Fix an issue where using cube functions causes Excel to crash.

OneDrive for Business: Non-security updates

  • Fix an issue where OneDrive for Business (Groove.exe) consumes one CPU core’s worth of CPU (for example, 25% on a 4 core CPU) in Task Manager for extended periods of time.

Outlook: Non-security updates

  • Fix an issue where a meeting location update to attendees shows the old location instead of the new location.
  • Fix an issue where the user sees an error when previewing an attachment in the reading pane.
  • Fix an issue where Outlook crashes when resolving display names to email addresses when the user is composing an email.
  • Fix an issue where some users don't receive support features that have been enabled by their tenant admin.

Word: Non-security updates

Version 1803: March 13

Version 1803 (Build 9126.2072)

Access: Security updates

  • CVE-2018-0903: Microsoft Access Remote Code Execution Vulnerability

Access: Non-security updates

  • Fix an issue where opening an Access runtime application (.accde file) results in a "This database is in an unrecognized format" error message and the application won’t open.
  • Fix an issue where attempting to select text in a text box or combo box appears to select all the text, rather than the indication selection.

Excel: Feature updates

  • Microsoft Translator: Translate words, phrases or sentences to another language with Microsoft Translator. You can do this from the Review tab in the ribbon.
  • Convert SVG icons to shapes: Transform all SVG pictures and icons into Office shapes so you can change their color, size, or texture.
  • Deselect cells: Make selections in your worksheet and deselect cells that you accidentally clicked without having to start over.
  • Quickly access your sites and groups: Use the File menu to work with documents stored in your frequently used sites and groups.
  • Digital Pencil: Write or sketch out ideas with our new pencil texture. Simply tilt to do shading with supported digital pens.
  • LinkedIn features setting: Go to File > Options > General to control whether LinkedIn features are shown in your Office applications. Learn more
  • 3D models: Use 3D to increase the visual and creative impact of your workbooks.  Easily insert a 3D model, then you can rotate it through 360 degrees. Learn more
  • New ink effects: Express your ideas with flair using metallic pens and ink effects like rainbow, galaxy, lava, ocean, gold, silver and more.
  • Sharing files UI: For OneDrive for Business or SharePoint files, clicking the Share button in the upper right-hand corner of the ribbon or going to File > Share launches a simplified and improved Share dialog. For new or locally-saved files, the UI allows users to easily upload their files to OneDrive to start collaborating.
  • Block dangerous extensions: Extensions that are considered to be high risk, and are embedded as OLE package objects, are blocked, by default, from activating. For example, .exe, .vbs, and .js. Learn more
  • Helpful sounds improve accessibility: Turn on audio cues to guide you as you work. Find it in File > Options > Ease of Access. No add-in needed. Learn more
  • File locations by account: When opening or saving a file, the list of places is organized by the account associated with them.
  • Pen customization: Choose a personal set of pens and highlighters for inking. Your customized set is available on all your Windows PCs.

Excel: Security updates

Excel: Non-security updates

  • Fix an issue where, if your editing language is Japanese, Chinese, or Korean, Excel may freeze when you try to choose a new font on the Home tab or when you edit.
  • Fix an issue where the scroll bars are missing when a workbook is opened when Excel is minimized.
  • Fix an issue where workbook references fail when opening multiple workbooks by double-clicking on the file names in File Explorer.
  • Fix an issue where the programmatic creation of a PivotTable followed by a programmatic refresh causes Excel to crash.
  • Fix an issue where programmatically calling Workbook.Open() may cause Excel to crash.
  • Fix an issue where the user incorrectly sees a "catastrophic failure" error message when opening an Office 2007 or older workbook (.xls or .xla) with macros.
  • Fix an issue where Excel might crash when a user opens a context menu.
  • Fix an issue where, when the user tries to insert an object in an existing workbook, Excel crashes when the user clicks Browse.
  • Fix an issue where, when protecting a range with a password, the dialog box to enter the password to unlock the range isn't visible.
  • Fix an issue where the user can't close a workbook in protected view when the file name contains square brackets.
  • Fix an issue where placement of the tooltip is misaligned when dragging or drag filling.
  • Fix an issue where, when saving a workbook by using File > Save As, a file name that contains periods appears blank or truncated in the file save dialog.
  • Fix an issue where, when saving a sync-backed file, Office fails to write to disk, but Office keeps uploading the file to OneDrive. With this fix, user will now see an error message and the upload won't proceed.

Outlook: Feature updates

  • Sort your email with ease: Thanks to your feedback, we've brought back sorting above the message list and the Unread filter for people who don't use Focused Inbox.
  • Convert SVG icons to shapes: Transform all SVG pictures and icons into Office shapes so you can change their color, size, or texture.
  • Improvements to Office 365 groups: It’s easier than ever to read and reply to group conversations because you can double-click on a group message to open it in its own window.
  • LinkedIn features setting: Go to File > Options > General to control whether LinkedIn features are shown in your Office applications. Learn more
  • 3D models: Use 3D to increase the visual and creative impact of your email.  Easily insert a 3D model, then you can rotate it through 360 degrees. Learn more
  • Profile card: Shows you the most relevant details about people and groups, whether you’re on the desktop, the web, or using a mobile app.
  • Add an appointment to a group calendar: Now you can let everyone in your group know when you’ll be away without sending a meeting in email.
  • Downloading cloud attachments: When you save or drag and drop OneDrive attachments to your computer, we download the file for you.
  • Helpful sounds improve accessibility: Turn on audio cues to guide you as you work. Find it in File > Options > Ease of Access. No add-in needed. Learn more
  • Focused Inbox: The Inbox is separated into two tabs – Focused and Other. Messages are sorted based on the content of the message and who you interact with most often. Learn more
  • Quickly access the groups you use most: Groups you're most likely to interact with now appear at the top of the list under Groups in the Folder pane.

Outlook: Security updates

  • CVE-2017-11939: Microsoft Office Information Disclosure Vulnerability
  • CVE-2018-0791: Microsoft Outlook Remote Code Execution Vulnerability
  • CVE-2018-0793: Microsoft Outlook Remote Code Execution Vulnerability
  • CVE-2018-0850: Microsoft Outlook Elevation of Privilege Vulnerability
  • CVE-2018-0852: Microsoft Outlook Memory Corruption Vulnerability

Outlook: Non-security updates

  • Fix an issue where search fails with “No matches found” when search is scoped to All Mailboxes.
  • Fix an issue where, when monitoring using Accessible Event Watcher (AccEvent.exe), Outlook crashes when switching folders.

PowerPoint: Feature updates

  • Microsoft Translator: Translate words, phrases or sentences to another language with Microsoft Translator. You can do this from the Review tab in the ribbon.
  • 3D animations: Bring your 3D models to life with animations such as swinging gently or jumping and turning.
  • Convert SVG icons to shapes: Transform all SVG pictures and icons into Office shapes so you can change their color, size, or texture.
  • Roaming of revision tracking info: The read/unread status for highlighting shared slides that have been modified by others is now stored in a roaming service (instead of on the user's local computer) so that this information can be synchronized across multiple devices or platforms.
  • Quickly access your sites and groups: Use the File menu to work with documents stored in your frequently used sites and groups.
  • Digital Pencil: Write or sketch out ideas with our new pencil texture. Simply tilt to do shading with supported digital pens.
  • LinkedIn features setting: Go to File > Options > General to control whether LinkedIn features are shown in your Office applications. Learn more
  • Run a slide show with your digital pen: Use your Surface Pen, or other pen with a Bluetooth button, to advance your slides. Windows 10 Fall Creators Update is required. Learn more
  • 3D models: Use 3D to increase the visual and creative impact of your presentations. Bring 3D models to life in your presentations with transitions like Morph that create cinematic animations between slides. Learn more
  • New ink effects: Express your ideas with flair using metallic pens and ink effects like rainbow, galaxy, lava, ocean, gold, silver and more.
  • Sharing files UI: For OneDrive for Business or SharePoint files, clicking the Share button in the upper right-hand corner of the ribbon or going to File > Share launches a simplified and improved Share dialog. For new or locally-saved files, the UI allows users to easily upload their files to OneDrive to start collaborating.
  • Block dangerous extensions: Extensions that are considered to be high risk, and are embedded as OLE package objects, are blocked, by default, from activating. For example, .exe, .vbs, and .js. Learn more
  • Revision highlighting: Slides that have been modified by other users are highlighted.
  • While you were away: PowerPoint shows you who edited your shared presentation since your last visit.
  • Designer improvement: Designer now recommends design ideas for timelines in a bulleted list.
  • Helpful sounds improve accessibility: Turn on audio cues to guide you as you work. Find it in File > Options > Ease of Access. No add-in needed. Learn more
  • File locations by account: When opening or saving a file, the list of places is organized by the account associated with them.
  • Pen customization: Choose a personal set of pens and highlighters for inking. Your customized set is available on all your Windows PCs.
  • Designer improvement: Designer now recommends design ideas for charts added to your slides.
  • QuickStarter: Automatically builds an outline to help users get started researching a subject of their choosing. Learn more
  • Digital ruler: On devices that have touch screens, go to Draw > Ruler, then use your pen or finger to draw straight lines or to align a set of objects. Learn more

PowerPoint: Security updates

  • CVE-2017-11934: Microsoft PowerPoint Information Disclosure Vulnerability

PowerPoint: Non-security updates

  • Fix an issue where removing document properties and personal information causes saving to SharePoint to fail.
  • Fix an issue where references to Flash Player based YouTube embed codes result in a new window opening to play the video. Old embed codes are now upgraded to reference HTML5 based YouTube videos so that they correctly play in place.
  • Fix an issue where, when saving a sync-backed file, Office fails to write to disk, but Office keeps uploading the file to OneDrive. With this fix, user will now see an error message and the upload won't proceed.

Project: Feature updates

  • Task Board view: Sort tasks on cards in the Task Board view. Reorder and move cards between columns on the board just like in Agile projects.
  • Agile projects: Manage your Agile projects using backlogs, task boards, sprints, and more. Both Scrum or Kanban methodologies are supported. Learn more  
  • Manage a task in Planner: Link a Project task to Planner and create a plan for it. Break the task into subtasks, add a team, assign tasks, and manage the work on a task board.

Project: Non-security updates

  • Fix an issue where setting more than one baseline in a session sets the MOD_DATE value as the same.
  • Fix an issue where Actual Work is still shown in the reporting tables after being removed in a Save for Sharing session.
  • Fix an issue in the German language version where using a Weeks date format returns an error when scheduling.
  • Fix an issue where, when editing finish dates in Schedule Web Part, tasks stay at 8 hours per day instead of being spread over time.
  • Fix an issue where "Progress point shape" is drawn at an unexpected location.
  • Fix an issue where VBA code gets lost from projects.
  • Fix an issue where tasks show as complete even when there is remaining work.
  • Fix an issue where Project hangs when using the Task Path feature.
  • Fix an issue where the timescale doesn't show the timescale labels.
  • Fix an issue where visual reports show incomplete information or fail completely.
  • Fix an issue where a failed save can corrupt a file and cause Project to crash on open.
  • Fix an issue where you can't drag tasks in the Timeline and Team Planner view.
  • Fix an issue where resource availability isn't shown in Team Builder.
  • Fix an issue where graphical indicators aren't displaying correctly.
  • Fix an issue where Project hangs while leveling on hour-by-hour or day-by-day basis.
  • Fix an issue for working with master/sub projects from a SharePoint Document library.
  • Fix an issue where, when you add assignments to a fixed duration task, you may end up with a nameless resource.
  • Fix an issue that produces an incorrect error message of change on protected work.
  • Fix an issue where Project might crash when going to reports that contain several images.

Publisher: Feature updates

  • Block dangerous extensions: Extensions that are considered to be high risk, and are embedded as OLE package objects, are blocked, by default, from activating. For example, .exe, .vbs, and .js. Learn more

Publisher: Non-security updates

  • Fix an issue where filtering on data source fields containing null (empty) values fails when running the Mail Merge wizard.

Skype for Business: Non-security updates

  • Fix an issue where adding users by selecting 'Skype Call' in a meeting causes an error.
  • Remove prompt asking user to add Skype coordinates to a meeting, if a Skype Room is added as the location and the meeting already contains Teams meeting coordinates.
  • Fix an issue where location is populated even when UseLocationForE911Only is set to true.
  • Fix an issue where Skype for Business hangs when using the "call using conference center" option to invite users from the roster.
  • Fix an issue where Outlook running on terminal server freezes while creating a Skype for Business meeting.
  • Change the default value of EnableRestoreOAuthUsedKeyWhenUsingCachedWebTicket to TRUE.
  • Fix an issue where "More Options" and "Invite More People" buttons are hidden when a meeting is in full-screen mode.
  • Fix an issue where the P2P audio call window or conference call window becomes transparent when you attempt to join.
  • Fix an issue where upcoming Skype meetings do not show up in the meetings tab.
  • Fix an issue where, when Skype for Business is configured to join meetings without audio, adding audio to a meeting initiates a new P2P call to the user itself rather than adding audio to the existing meeting.
  • Fix an issue where user receives the error message "We couldn't find this Skype meeting" when clicking 'Join Skype Meeting' link in a meeting request from Outlook.
  • Add call transfer button in the toast UI for incoming PSTN calls.
  • Notify users that calls and chat are being sent to Teams when ChatDefaultClient and CallDefaultClient are set to Teams.
  • Show user's presence as Offline when user is not in a meeting and disabled from Skype for Business and meeting join experience is set to Native Limited Client.
  • Disable all options except Open and Exit when Skype for Business is minimized to the notification area.
  • Suppress new calls and conversations when paired with Aries phones and RedirectClient is enabled.
  • Fix an issue where searching messages in PChat by date fails when the date format is other than US format (mm/dd/yy).
  • Fix an issue where, when EnableExternalP2PFileTransfer policy is set to false, users are still able to attach files in meetings.
  • Fix an issue where, in Conversation History, the caller is shown instead of the called person. This happens when the called person's work number is modified using Active Directory.
  • Fix an issue where, for outgoing PSTN calls to mobile numbers, recipient information is missing in the call history in conversation history.
  • Fix an issue where, when initiating an IM from an email in Outlook, the subject line of the email is not included in the subject of the IM.
  • Fix an issue where, when IM conversation windows are snapped to one side, conversations appear double stacked.
  • Fix an issue where, in a VDIv2 environment, VbSS screen sharing requests appear as RDP-based requests.
  • Fix an issue where, in a failed call transfer, the caller is listed in the failure notification, instead of the missed recipient.
  • Fix an issue where the "Start using Teams" button is hidden within the client upgrade redirect banner.
  • Fix DPI scaling issues in IM windows.
  • Fix an issue where LinkedIn data does not appear in the Skype for Business Contact Card.
  • Add the ability for users to stop receiving calls on behalf of a hunt group.
  • Add the ability to automatically hold calls when a call is active in Skype for Business or Teams and a new call is received or initiated.
  • Fix an issue where users are unable to IM after full screen sharing.
  • Fix an issue where users in the lobby aren't notified when they're denied from entering the meeting.
  • Fix an issue where automatic gain control increases uncontrollably during calls.
  • Fix an issue where users are unable to select a presenter in Meeting Options when a conference room resource mailbox is added to a meeting invite.
  • Fix an issue where the desktop sharing button is dimmed during a peer-to-peer video call if AllowlPVideo is set to False.
  • Fix an issue where IM stays disabled after changing the Meeting Option setting to Enable IM for existing meetings created with Disable IM.
  • Fix an issue where the tooltip isn't shown when hovering over the "Insert Link" button in the chat window, and there isn't an accessibility name when the button is selected.

Visio: Feature updates

  • Built-in database model diagrams: Use the new Database Model Diagram template to accurately model your database as a Visio diagram. No add-in required.
  • More stencils for business diagrams: Using modern shapes, compare and contrast data with a Venn diagram, or draw Cycle, Matrix, or Pyramid diagrams to help tell your story.
  • Create a wireframe diagram for a website: Quickly create a wireframe diagram of a website including interface, navigation, and how they work together. Learn more
  • Create a wireframe of your mobile application: Use a template to create a wireframe of your mobile application. Learn more
  • Apply data graphics to Data Visualizer diagrams: Save time when you create a Data Visualizer diagram by automatically applying shape data as data graphics. Learn more
  • Collaborate on drawings: Work with others by sharing your drawings on OneDrive for Business or SharePoint Online. You can see who is working on the drawing, add comments, and see file activity. Learn more
  • Block dangerous extensions: Extensions that are considered to be high risk, and are embedded as OLE package objects, are blocked, by default, from activating. For example, .exe, .vbs, and .js. Learn more

Word: Feature updates

  • Convert SVG icons to shapes: Transform all SVG pictures and icons into Office shapes so you can change their color, size, or texture.
  • Character count: Display the character count on the status bar as you type. You can enable this from the Customize Status Bar menu.
  • Quickly access your sites and groups: Use the File menu to work with documents stored in your frequently used sites and groups.
  • Microsoft Translator: Translate words, phrases, or the whole document into another language using Microsoft Translator, right in Word. Learn more
  • Digital Pencil: Write or sketch out ideas with our new pencil texture. Simply tilt to do shading with supported digital pens.
  • LinkedIn features setting: Go to File > Options > General to control whether LinkedIn features are shown in your Office applications. Learn more
  • SharePoint property panel: Display and edit SharePoint document library column values from within a document. A ribbon button on the View tab provides easy access to the panel and SharePoint admins can use a document library setting to automatically open the property panel.
  • 3D models: Use 3D to increase the visual and creative impact of your documents.  Easily insert a 3D model, then you can rotate it through 360 degrees. Learn more
  • New ink effects: Express your ideas with flair using metallic pens and ink effects like rainbow, galaxy, lava, ocean, gold, silver and more.
  • Sharing files UI: For OneDrive for Business or SharePoint files, clicking the Share button in the upper right-hand corner of the ribbon or going to File > Share launches a simplified and improved Share dialog. For new or locally-saved files, the UI allows users to easily upload their files to OneDrive to start collaborating.
  • Block dangerous extensions: Extensions that are considered to be high risk, and are embedded as OLE package objects, are blocked, by default, from activating. For example, .exe, .vbs, and .js. Learn more
  • Edit using Learning Tools: Learning Tools is now available in Word's Web Layout. Adjust your text spacing and show syllables while you edit. In any view, see each word highlighted as the document is read aloud. Learn more
  • LaTeX syntax: Create and edit math equations using LaTeX syntax.
  • Helpful sounds improve accessibility: Turn on audio cues to guide you as you work. Find it in File > Options > Ease of Access. No add-in needed. Learn more
  • File locations by account: When opening or saving a file, the list of places is organized by the account associated with them.
  • Pen customization: Choose a personal set of pens and highlighters for inking. Your customized set is available on all your Windows PCs.
  • Enhanced writing assistance with Editor pane: Use the Editor pane for advanced spelling, grammar and writing style recommendations. It’s built to be accessible with improved support for assistive technologies.

Word: Security updates

Word: Non-security updates

  • Fix an issue where Word crashes when a user tries to do a Save As to an existing document on OneDrive for Business and then cancels the save or tries to merge existing changes.
  • Fix an issue where filtering on data source fields containing null (empty) values fails when running the Mail Merge wizard.
  • Fix an issue where, when saving a sync-backed file, Office fails to write to disk, but Office keeps uploading the file to OneDrive. With this fix, user will now see an error message and the upload won't proceed.
  • Fix an issue where removing IRM protection on a document doesn’t remove the protection.

Office suite: Security updates

Office suite: Non-security updates

  • Fix an issue where, when opening an application, the user might see a message about launching in Safe mode and then the application fails to open.
  • The Update Now option is hidden from File > Account > Update Options when an Office COM object is enabled so that Office 365 client updates are managed by Configuration Manager.
  • Fix an issue where the Office app crashes when the user tries to activate Office using the Activate Office dialog box.
  • Fix an issue with zooming and scaling in Office Add-ins under dynamic DPI environment.
  • Fix an issue where the CurrentStatus node of the Office configuration service provider (CSP) returns an empty string even if Office 365 ProPlus is currently installed.
  • Fix an issue that causes .box file format changes, which impacts functionality of older versions of Office installed on the same computer, because .box files are shared across all versions of an Office app on the same computer.

Version 1708: February 13

Version 1708 (Build 8431.2215)

Access: Non-security updates

  • Fix an issue where, when using a multiple items form, adjusting the position of the mouse wheel or the scrollbar thumb doesn't change the items that are displayed in the form.

Excel: Security updates

  • CVE-2018-0841: Microsoft Excel Remote Code Execution Vulnerability

Outlook: Security updates

  • CVE-2018-0850: Microsoft Outlook Elevation of Privilege Vulnerability
  • CVE-2018-0852: Microsoft Outlook Memory Corruption Vulnerability

Office suite: Security updates

  • CVE-2018-0851: Microsoft Office Memory Corruption Vulnerability
  • CVE-2018-0853: Microsoft Office Information Disclosure Vulnerability

Version 1708: January 9

Version 1708 (Build 8431.2153)

Excel: Security updates

Excel: Non-security updates

  • Fix an issue where the programmatic creation of a PivotTable followed by a programmatic refresh causes Excel to crash.

Outlook: Security updates

  • CVE-2018-0791: Microsoft Outlook Remote Code Execution Vulnerability
  • CVE-2018-0793: Microsoft Outlook Remote Code Execution Vulnerability

Word: Security updates

  • CVE-2018-0792: Microsoft Word Remote Code Execution Vulnerability
  • CVE-2018-0793: Microsoft Outlook Remote Code Execution Vulnerability
  • CVE-2018-0794: Microsoft Word Remote Code Execution Vulnerability
  • CVE-2018-0798: Microsoft Office Memory Corruption Vulnerability
  • CVE-2018-0801: Microsoft Office Remote Code Execution Vulnerability
  • CVE-2018-0802: Microsoft Office Memory Corruption Vulnerability
  • CVE-2018-0804: Microsoft Word Remote Code Execution Vulnerability
  • CVE-2018-0805: Microsoft Word Remote Code Execution Vulnerability
  • CVE-2018-0806: Microsoft Word Remote Code Execution Vulnerability
  • CVE-2018-0807: Microsoft Word Remote Code Execution Vulnerability
  • CVE-2018-0812: Microsoft Word Memory Corruption Vulnerability

Office suite: Security updates

Office suite: Non-security updates

  • Add support for single sign-on (SSO) for domain users for Office 365 Germany plans where the identity is federated with an on-premises Active Directory.
  • Add functionality to prevent minors from acquiring and activating Office Add-ins that come from the Office Store.

Note

If you need help with an issue with using Office, we recommend that you post your question on Microsoft's Answers forum or Tech Community, or you can contact support.